Security Incidents mailing list archives
IIS and Windows NT/2000
From: yousuc <yousuc () DONUTBLEET COM>
Date: Wed, 9 May 2001 08:02:10 -0500
Just thought I would pass this information along for those running IIS and Windows NT/2000. I have 5 IIS servers on the net. All receive over 50 attempts a day from various IPs. So far no one has been able to compromise any of my servers, even if I have not patched my servers with Microsofts latest patches. I have set up NTFS like most administrators, but I have taken the time to go thru all my files and folders and setup permissions manually. (Shouldnt all administrators do this?) :-) What I did was add IUSR_machinename to some files and folders where an IUSR_machinename does not need access to or be able to gain access to other folders on the machine. Be default most files and folders will allow EVERYONE Read & Execute permissions. For example on the latest exploit for IIS that exploits the use of CMD.EXE I setup the permissions for IUSR_machinename to be denied or to just READ only with NO EXECUTE. I have had caught over 20 IPs trying to use the UNICODE exploit from 05-05-2001 to 05-08-2001, all which was unsuccessful. So my point is, is that you should take the time to check/add/modify NTFS permissions accordingly for any Windows NT/2000 Server. Keeping up to date on the latest Microsoft Patches is another. Anyways I hope that this sheds some light for other Security Focus Administrators. For those who wish to use my services to protect your servers and information. You can reach me at my email below. Sincerely, Jay Ireland mailto:jireland () donutbleet com
Current thread:
- IIS and Windows NT/2000 yousuc (May 10)